* Re: combining 'fw' and 'u32' classfier?
2015-08-10 13:39 combining 'fw' and 'u32' classfier? Akshat Kakkar
@ 2015-08-11 8:35 ` Vitaly Repin
2015-08-11 9:31 ` Andy Furniss
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Vitaly Repin @ 2015-08-11 8:35 UTC (permalink / raw)
To: lartc
Hello,

I had the same question several weeks ago and found this document:
http://tcn.hypert.net/tcmanual.pdf

See "2.2.3 Complex Filter Commands". It looks like this method can
help. But I am not sure - looks really really complicated.

I ended up with iptables "-j CLASSIFY" target - it's much simpler to say
what I wanted using iptables notation.
2015-08-10 16:27 GMT+03:00 Akshat Kakkar <akshat.1984@gmail.com>:
> Is there a possibility to combine 'fw' classifier and 'u32' classifier
> to frame rule like if fw mark is 100 and destination is 8.8.8.8 then
> do rate limiting by flow id 1:1.
--
WBR & WBW, Vitaly
* Re: combining 'fw' and 'u32' classfier?
From: Andy Furniss @ 2015-08-11 9:31 UTC (permalink / raw)
To: lartc
Akshat Kakkar wrote:
> Is there a possibility to combine 'fw' classifier and 'u32'
> classifier to frame rule like if fw mark is 100 and destination is
> 8.8.8.8 then do rate limiting by flow id 1:1.

Use u32 match mark.

You can do quite complex stuff with the mark match, e.g. you can work in
hex in both iptables and u32 match (by putting 0x before the marks).

This allows you to use bitwise commands like or in iptables to modify
sections of marks that have already been set elsewhere and later in tc
use masks to look at different bits of a mark.
* Re: combining 'fw' and 'u32' classfier?
From: Akshat Kakkar @ 2015-08-11 12:14 UTC (permalink / raw)
To: lartc
Aa haa !!!

Don't know how I missed on that. That precisely looks like the thing which I
wanted "u32 match mark 0xABCD 0xffff".

Thanks Andy. Thanks a lot.
On Tue, Aug 11, 2015 at 3:01 PM, Andy Furniss <adf.lists@gmail.com> wrote:
> Akshat Kakkar wrote:
>>
>> Is there a possibility to combine 'fw' classifier and 'u32'
>> classifier to frame rule like if fw mark is 100 and destination is
>> 8.8.8.8 then do rate limiting by flow id 1:1.
>
>
> Use u32 match mark.
>
> You can do quite complex stuff with the mark match, e.g. you can work in
> hex in both iptables and u32 match (by putting 0x before the marks).
>
> This allows you to use bitwise commands like or in iptables to modify
> sections of marks that have already been set elsewhere and later in tc
> use masks to look at different bits of a mark.
* Re: combining 'fw' and 'u32' classfier?
From: Akshat Kakkar @ 2015-08-11 12:14 UTC (permalink / raw)
To: lartc
Hi Vitaly,

Thanks for the reply.

What I am trying to achieve is per IP (random IPs) bw limit, and also
per fw rule bw limit so I am ready for complexity. :)

I am already using hashing so that much complexity I am already
handling (no other option :( ! )

Thanks for sharing that document.
On Tue, Aug 11, 2015 at 2:05 PM, Vitaly Repin <vitaly.repin@gmail.com> wrote:
> Hello,
>
> I had the same question several weeks ago and found this document:
> http://tcn.hypert.net/tcmanual.pdf
>
> See "2.2.3 Complex Filter Commands". It looks like this method can
> help. But I am not sure - looks really really complicated.
>
> I ended up with iptables "-j CLASSIFY" target - it's much simpler to say
> what I wanted using iptables notation.
>
>
> 2015-08-10 16:27 GMT+03:00 Akshat Kakkar <akshat.1984@gmail.com>:
>> Is there a possibility to combine 'fw' classifier and 'u32' classifier
>> to frame rule like if fw mark is 100 and destination is 8.8.8.8 then
>> do rate limiting by flow id 1:1.
>
>
>
> --
> WBR & WBW, Vitaly
* Re: combining 'fw' and 'u32' classfier?
From: Andy Furniss @ 2015-08-11 14:33 UTC (permalink / raw)
To: lartc
Akshat Kakkar wrote:
> Aa haa !!!
>
> Don't know how I missed on that. That precisely looks like the thing which
> I wanted "u32 match mark 0xABCD 0xffff".

Cool, and of course (unless I mis-remember) marks are 32-bit, so there
are more bits to play with if needed.
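The u32 mark match suggested in the thread, applied to the original question (mark 100 and destination 8.8.8.8 to flowid 1:1), as an added example that is not from any of the posters. Assumed and not from the thread: device eth0, an existing qdisc 1: with class 1:1, the sample iptables match conditions, and a mark layout with the rule id in the low 16 bits and a flag at bit 16.

```shell
#!/bin/sh
# Added example: fwmark + destination match in one u32 filter.
# Assumed (not from the thread): DEV=eth0, an existing classful qdisc with
# handle 1: and class 1:1, and a mark layout where the low 16 bits carry a
# firewall rule id and bit 16 is a separate flag.
DEV=${DEV:-eth0}

# u32 "match mark VALUE MASK" is true when (skb mark & MASK) == VALUE.
mark_matches() {  # mark_matches MARK VALUE MASK
    [ $(( $1 & $3 )) -eq $(( $2 )) ]
}

# iptables MARK --or-mark BITS: set bits, leave the rest of the mark alone.
or_mark() {       # or_mark MARK BITS
    printf '0x%x\n' $(( ($1 | $2) & 0xffffffff ))
}

# iptables MARK --set-mark VALUE/MASK: clear MASK bits, then OR in VALUE.
set_mark() {      # set_mark MARK VALUE MASK
    printf '0x%x\n' $(( (($1 & ~$3) | $2) & 0xffffffff ))
}

# Print each command; execute it only when APPLY=1 (needs root).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

setup() {
    # Rule id 100 (0x64) goes in the low 16 bits of the mark.
    run iptables -t mangle -A POSTROUTING -o "$DEV" -p udp --dport 53 \
        -j MARK --set-mark 0x64/0xffff
    # A different rule sets the flag bit without disturbing the rule id.
    run iptables -t mangle -A POSTROUTING -o "$DEV" -d 8.8.8.8 \
        -j MARK --or-mark 0x10000
    # Both keys must match: rule id 100 in the low 16 bits AND dst 8.8.8.8.
    run tc filter add dev "$DEV" parent 1: protocol ip prio 1 u32 \
        match mark 0x64 0xffff \
        match ip dst 8.8.8.8/32 \
        flowid 1:1
}

setup
```

With the 0xffff mask the filter still matches after another rule ORs in 0x10000; a full 0xffffffff mask would stop matching at that point. Commands are only printed unless APPLY=1 is set.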